DDEV Bearer

Overview

Bearer CLI is a static application security testing (SAST) tool.

It scans your source code and analyzes its data flows to discover, filter and prioritize security and privacy risks, with built-in rules covering the OWASP Top 10 and CWE Top 25.

Installation

# Install the add-on
ddev add-on get massiws/ddev-bearer

# Restart DDEV
ddev restart

# Generate a default configuration in `bearer.yml`
ddev bearer init

After installation, you may want to customize the default settings by editing the bearer.yml file: see the Bearer docs for the available options.

Important: restart DDEV after making changes to the bearer.yml file.

Make sure to commit the .ddev directory and the bearer.yml file to version control.

Usage

Display available commands and usage information:

  ddev bearer

Scan the project using the default configuration in bearer.yml:

  ddev bearer scan .

Scan the project only for the specified severity levels:

  ddev bearer scan . --severity critical,high

Scan all project files for hardcoded credentials (see Scanner Types):

  ddev bearer scan . --scanner=secrets

Scan a specific file or folder, also adding context (see Bearer Flags):

  ddev bearer scan <file/path> --context=health

Ignore a reported risk by adding its fingerprint to your ignore file:

  ddev bearer ignore add <fingerprint> --author Mish --comment "Possible false positive"

TIP: to avoid specifying the author each time, make your git config available inside the web container by linking it into DDEV's global homeadditions directory, so Bearer can pick up your git user name:

  ln -s $HOME/.gitconfig $HOME/.ddev/homeadditions/.gitconfig
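The severity filter and the fingerprint-based ignore file above are the two knobs a pipeline gate usually turns. The script below is an added example, not part of this add-on or of Bearer: it reads a JSON report such as `ddev bearer scan . --format json` produces, drops any finding whose fingerprint is listed as a top-level key in bearer.ignore (so a report produced by a scan that did not see the ignore file is still judged consistently), counts what remains per severity, and fails the build when critical or high findings are left. The report shape (a dict keyed by severity, each finding carrying a `fingerprint`) and the ignore-file layout (YAML keyed by fingerprint) are assumptions; the sample report and ignore file are constructed, and the rule ids in them are placeholders.

```python
"""Severity gate for a Bearer JSON report (added example; report shape is an assumption)."""
import json

# Bearer's severity levels, highest first.
SEVERITIES = ("critical", "high", "medium", "low", "warning")

# Constructed sample report: assumed `--format json` layout, findings grouped by severity.
SAMPLE_REPORT = json.dumps({
    "critical": [
        {"id": "rule_a", "title": "Placeholder critical finding", "filename": "src/app.js",
         "line_number": 42, "fingerprint": "fp-critical-1"},
    ],
    "high": [
        {"id": "rule_b", "title": "Placeholder high finding", "filename": "src/server.js",
         "line_number": 10, "fingerprint": "fp-high-1"},
        {"id": "rule_c", "title": "Placeholder high finding", "filename": "src/log.js",
         "line_number": 7, "fingerprint": "fp-high-2"},
    ],
    "medium": [
        {"id": "rule_d", "title": "Placeholder medium finding", "filename": "src/util.js",
         "line_number": 3, "fingerprint": "fp-medium-1"},
    ],
    "low": [],
})

# Constructed bearer.ignore in the assumed layout written by `bearer ignore add`.
SAMPLE_IGNORE = """# constructed bearer.ignore
fp-high-2:
  author: Mish
  comment: Possible false positive
  created_at: 2024-01-01T00:00:00Z
  false_positive: true
"""


def parse_ignore_file(text):
    """Return the fingerprints listed as unindented `<fingerprint>:` keys.

    Assumption: bearer.ignore is YAML keyed by fingerprint; the indented
    author/comment metadata is skipped, so no YAML library is needed.
    """
    fingerprints = set()
    for line in text.splitlines():
        stripped = line.rstrip()
        if not stripped or stripped.startswith("#") or stripped[0].isspace():
            continue
        if stripped.endswith(":"):
            fingerprints.add(stripped[:-1].strip())
    return fingerprints


def filter_report(report, ignored):
    """Split findings into (kept by severity, suppressed) using the ignore set."""
    kept, suppressed = {}, []
    for severity in SEVERITIES:
        remaining = []
        for finding in report.get(severity, []):
            # A finding without a fingerprint can never be ignored; it stays in.
            if finding.get("fingerprint") in ignored:
                suppressed.append(finding)
            else:
                remaining.append(finding)
        kept[severity] = remaining
    return kept, suppressed


def gate(kept, fail_on=("critical", "high")):
    """Return (passed, counts); passes only if no finding remains at a gated severity."""
    counts = {severity: len(kept.get(severity, [])) for severity in SEVERITIES}
    passed = all(counts[severity] == 0 for severity in fail_on)
    return passed, counts


def run(report_text, ignore_text, fail_on=("critical", "high")):
    """Evaluate a report against an ignore file; fails closed on a malformed report."""
    report = json.loads(report_text)
    if not isinstance(report, dict):
        raise ValueError("report is not a severity-keyed object; refusing to gate")
    kept, suppressed = filter_report(report, parse_ignore_file(ignore_text))
    passed, counts = gate(kept, fail_on)
    return passed, counts, suppressed


if __name__ == "__main__":
    import sys
    ok, per_severity, masked = run(SAMPLE_REPORT, SAMPLE_IGNORE)
    for severity in SEVERITIES:
        print(f"{severity:>8}: {per_severity[severity]}")
    print(f"suppressed by bearer.ignore: {len(masked)}")
    print("PASS" if ok else "FAIL: critical/high findings remain")
    sys.exit(0 if ok else 1)
```

In a real pipeline replace the constructed `SAMPLE_REPORT` with the file written by `ddev bearer scan . --format json --output report.json` and `SAMPLE_IGNORE` with the project's bearer.ignore; keeping the gate separate from the scan lets the severity policy be reviewed in version control alongside the ignore entries it honours.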

See Bearer documentation for a complete list of commands and flags.

Credits

Contributed and maintained by @massiws